const jwt = require('jsonwebtoken');
const { secret } = require('../config/jwt.config');

const authenticate = (req, res, next) => {
  const token = req.header('Authorization')?.replace('Bearer ', '');
  
  if (!token) {
    return res.status(401).json({
      success: false,
      message: 'Access denied. No token provided.'
    });
  }

  try {
    const decoded = jwt.verify(token, secret);
    req.user = decoded;
    next();
  } catch (ex) {
    res.status(400).json({
      success: false,
      message: 'Invalid token.'
    });
  }
};

module.exports = { authenticate };